Introduction

TorBOX can work together with any other suitable anonymizing network. Either the other network is used in addition, which means it will be tunneled through Tor, or Tor is completely exchanged for the other anonymizing network.

Note that all networks differ in their threat model and security! Research before you start using them.

Rudimentary TorBOX Support for Other Anonymizing Networks

Although the project's name TorBOX does not imply it, TorBOX is agnostic about which anonymizing network is being used. The project name has historical reasons: TorBOX started with Tor as its anonymizing network, and the idea that other anonymizing networks could also be used came much later. Can you think of a better name to describe TorBOX, or a better name to describe being agnostic about the anonymizing network?

At the moment TorBOX's support for other anonymizing networks is only rudimentary and not as good as its support for the Tor network. Of course TorBOX developers respect other anonymizing networks, their developers and their users. They are simply more accustomed to the Tor network, which is also a personal preference. It's also very hard to be equally interested in, educated about and up to date with all other anonymizing networks at the same time.

As soon as a new developer who actively supports another anonymizing network joins the TorBOX project, that particular anonymizing network can be supported as well as the Tor network. For example, there is not much point in a separate 'JonDoBOX' if most of the knowledge and code is shared. Almost anything, even the project name, could be revised.

i2p anonymizing network

Unfortunately it is not possible to reliably replace the Tor network with the i2p network. The i2p network is mainly designed to host all services inside the i2p network. We have to update the Tor-Workstation's operating system and software packages, and that is not possible with i2p. Outproxies exist (http, https and socks), but there are too few of them, and they are not suited for use with TorBOX: they are too unreliable (too often offline). At the moment (March 2012) there are no working https or socks outproxies which we could use for apt-get. I2p can be used as an addition to TorBOX.

Browsing eepsites using i2p inproxies on Tor-Workstation

There are several i2p inproxies, which are similar to tor2web. Simply use your Tor Browser. Note that you will lose the end-to-end encryption to the eepsites, which i2p would provide if you installed it directly inside the Tor-Workstation or used it the ordinary way. Depending on whether the inproxy uses http (unencrypted) or https (or is reachable through a hidden service), Exit Nodes Eavesdropping also applies. In any case, the i2p inproxy admin can see all your traffic into the i2p network and there is no way to prevent that.
i2p inproxies:

proper's JonDonym opinion

Tunneling JonDonym over Tor makes sense in some cases. I wouldn't do it for a longer amount of time, as it adds a permanent exit server. (See TorPlusProxy for background.) Tor suffers from a few bad relays, as the servers are run by volunteers and a few of them are evil. There is Exit Nodes Eavesdropping (applies only to unencrypted traffic). Even worse, exit nodes may try to defeat SSL using sslstrip (google it, read, watch some demonstration videos) (or other tools). And/or they inject malware into the data stream. Conclusion: if you want to download something, which you can not download over SSL (and if there are also no hash sums or signatures), the JonDo exit is more trustable than a random Tor exit. Alternatively you can also use .exit, to force the use of a specific Tor exit node, which you trust more than a random one.

JonDonym over Tor inside Tor-Workstation

You can tunnel JonDonym over Tor. This could be useful to circumvent Tor bans. But note Tor Plus Proxy (it adds a permanent exit node, as explained in the article). Not many changes are required. Download and install it as usual. You need 'JonDo – the IP changer', either as the GUI or console version. You can decide whether you prefer to use JonDoFox or the Tor Browser. If you want to use the Tor Browser, see their help section on how to point Firefox to JonDo.

JonDonym as Tor replacement [JonDoBOX]

Depending on your threat model, JonDonym can potentially be used as a replacement for Tor. Prefer the console version of 'JonDo – the IP changer', otherwise you would have to install a desktop environment, which needs a lot more RAM, CPU and disk space (not possible on most embedded devices).

RetroShare

In fact RetroShare is not an anonymizing network; it is a friend-to-friend (F2F) network, or optionally a darknet. It has a very different audience and threat model. RetroShare does not support using an outproxy yet, and for this reason it can not replace Tor on the Tor-Gateway. It can be used inside the Tor-Gateway. This enables you to do things which are normally potentially dangerous, such as adding random people (from a forum), while staying anonymous. (For example, to join a RetroShare forum.)

RetroShare over Tor

After adding tons of random "friends" from a public forum, I could connect to a very few people over TCP. Approximately only 5% were online. Although I can probably see only a very small portion of the network, the content of the network looks pretty interesting.

Freenet

Using a gateway (inproxy) inside your Tor-Workstation

Freenet inside the Tor-Workstation (Freenet over Tor)

In the "classical sense" (directly and only over Tor) this is impossible. This has been tested: Freenet installs normally, but even with the lowest security settings a connection will never be established. The problem is that Tor does not support UDP. (There has been a discussion about this topic. Although it's from 2008, it doesn't look like the situation has changed or will change.)

Another workaround: buy, administrate and connect to the SSH server anonymously through your Tor-Workstation. Install Freenet at the remote location and connect from your Tor-Workstation (SSL or SSH tunnel). See the Freenet wiki for more information.

Freenet on the Tor-Gateway [FreenetBOX]

Freenet can potentially only be used in parallel to Tor. It's impossible to tunnel Freenet through Tor (see above). Replacing Tor with Freenet is also impossible, as Freenet is a separate network, not designed to exit the network. Apt-get couldn't work.

VPN's as a Tor replacement [VPNBOX]

In this chapter we explain how you can replace Tor with a VPN. Regarding security, see 'Introduction' at the top of this page. It's your responsibility to find a (non-logging, safe) free/paid VPN provider or to stick with Tor.

Source: Windows related, but the routing stuff is valid for Linux as well.

First we have to ensure that the VPN-Gateway will only connect through the VPN service and nothing else. There are some weak alternative ways to do this. Some "VPN-Monitor" tools check every, let's say, 500 ms whether the VPN IP is still valid and, if not, kill a list of applications. This is not very secure: it is a gamble whether that time period is short enough to stop a leak and whether killing the applications is fast enough. Another, more serious option would be to use iptables rules that allow only traffic to the VPN server and to no other targets. This may be additionally implemented later. However, using iptables for this scenario isn't the most secure option. When the IP of the VPN service gets assigned to another server, you could end up connecting to a malicious server. The most secure option is to modify the routing table.

Test if your host internet connection is working.

Test if your Tor internet connection is working.

Store your routing table before starting the VPN and before modifying anything. Type in console:

route

Start VPN.

sudo openvpn /etc/openvpn/client.conf

Test if your ISP IP gets replaced with the VPN IP.

Store the modified routing table. Type in console:

route

Delete your default route and set your new default route to the virtual VPN network adapter.

sudo route del default
sudo route add default dev tun0

Test if your VPN IP is still valid.

Store the modified routing table. Type in console:

route

For testing purposes, kill your OpenVPN connection.

sudo killall openvpn

Test if you can NOT connect to anything anymore. That's the whole point: to prevent any leaks in the clear.
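
The routing-table check from the steps above, as an added example that is not part of the original TorBOX page: it reads `route -n` output and lists every route that could carry traffic outside the VPN. The device name tun0 comes from the page; the VPN server address 203.0.113.10, the LAN addresses and the three sample tables are constructed, and a host route to the VPN server over the physical interface is assumed.

```shell
#!/bin/sh
# Added example, not TorBOX code. VPN_SERVER is a constructed placeholder.
VPN_DEV="tun0"
VPN_SERVER="203.0.113.10"

# Reads `route -n` output on stdin, prints each route that can carry
# traffic past the VPN, and returns 1 if there is one, 0 otherwise.
leaky_routes() {
    awk -v dev="$VPN_DEV" -v srv="$VPN_SERVER" '
        $1 !~ /^[0-9]+\./ { next }          # skip the two header lines
        {
            dest = $1; gw = $2; mask = $3; iface = $8
            if (iface == dev) next          # routed into the tunnel
            # OpenVPN itself must reach its server over the physical NIC.
            if (dest == srv && mask == "255.255.255.255") next
            # On-link subnet without a gateway: reaches the local LAN only.
            if (gw == "0.0.0.0" && mask != "0.0.0.0") next
            print; bad = 1                  # default or gatewayed route off-tunnel
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: table after "route del default; route add default dev tun0".
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0'

# Constructed sample: the ISP default route was never deleted.
LEAKY_TABLE="$GOOD_TABLE
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0"

# Constructed sample: OpenVPN killed, tun0 and its routes are gone.
DOWN_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

for t in "$GOOD_TABLE" "$LEAKY_TABLE" "$DOWN_TABLE"; do
    if printf '%s\n' "$t" | leaky_routes; then
        echo "OK: nothing leaves outside $VPN_DEV"
    else
        echo "LEAK: the route(s) printed above bypass $VPN_DEV"
    fi
done
```

On a live VPN-Gateway, pipe the real table in with `route -n | leaky_routes` after each of the "Store the routing table" steps.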

There are two options available. 1. Transparent Proxying Method or 2. The Proxy Settings Method.

Depending on Proxy type

http proxies are not suited, because we would not be able to connect to https protected websites. The setup for https, socks4(a)/5 proxies should be very similar.

Transparent Proxying Method

Not finished.

Transparent Proxying (like TorBOX with Tor's TransPort) is, due to technical limitations, not fully supported by proxies. Proxies do not offer a DnsPort and also do not act as a DNS server. While it's possible to relay TCP and UDP traffic through the proxy on the IP level (using iptables), you would still always require a known (you know the IP) DNS server (i.e. a public DNS server such as OpenDNS, Google, httpsdnsd). DNS resolution would look like: Proxy-Workstation -> Proxy-Gateway -> Proxy -> DNS server. It's technically not possible to let the proxy transparently (!) do the DNS resolution (no tools available), at least not that we know of after extended research. This is because proxies offer hostname resolution, but not DNS. (Sources: Leonid Evdokimov (author of redsocks) on mailing list, Transparent Proxy, DNS, without public DNS server; Bernd Holzmüller (author of transocks_ev) by e-mail)

Due to the DNS issue, you can't completely hide behind the proxy (using it transparently). You would always have to reveal that you are using a public (or private) extra DNS resolver. Of course, you would also have to trust not only the proxy, but also the extra DNS server, which can see all your DNS queries.

Proxy Settings Method

Not finished.

Design: The Proxy-Workstation is on an isolated internal LAN (similar to TorBOX's Tor-Workstation design) and can't connect to the internet directly. (Iptables rules on the Proxy-Gateway forbid that.) All applications installed inside the Proxy-Workstation have to use the correct proxy settings or a wrapper.